Ahh, I got you. We do use hbac rules, I did not think I need to add crond as a 
service to allow because it isn't even in the list of services available but I 
see that I do have to just manually add the service. Thank you, it is working 
now

      From: Rob Crittenden <rcrit...@redhat.com>
 To: Justean <juste...@yahoo.com>; "freeipa-users@redhat.com" 
<freeipa-users@redhat.com> 
 Sent: Friday, November 14, 2014 11:43 AM
 Subject: Re: [Freeipa-users] user can't run crons after setting rhel 5 servers 
as ipa client
   
Justean wrote:


> Our Redhat 5.10 servers that were moved into our IPA domain cannot run
> any IPA user's crons we can't even list the crons:
> 
> crontab -l "you (/username/) are not allowed to access to (crontab)
> because of pam configuration"
> 
> I don't know if I should be manually editing the
> /etc/pam.d/system-auth-ac and/or /etc/pam.d/crond to get this working
> and if so what I should put for the config.
> 
> The client version is ipa-client-2.1.3-7.el5.x86_64 and the server
> version is ipa-server-3.0.0-42.el6.x86_64

I would suspect this is due to HBAC. Do you use the HBAC feature?
Perhaps you need to add rules for these hosts.

rob



   
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to